Cisco Secure Access Control Server contains a flaw that may allow an attacker to authenticate against the ACS administration web interface. The issue occurs when the browser successfully authenticates to the ACS GUI. After authentication, a second connection is created between the browser and the ACS administration web service on a random port. If an attacker spoofs the IP address of the client computer during this time period, they may be able to connect to the ACS GUI without authenticating. Further, an attacker may be able to bypass authentication if they are located behind the same PAT device of the ACS user attempting to authenticate.

Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco Systems, Inc. has released a patch to address this vulnerability.

• Security Tracker: 1011065
• Bugtraq ID: 11047
• Secunia Advisory ID: 12386
• ISS X-Force ID: 17118
• CVE ID: 2004-1461 (see also: NVD)
• Related OSVDB ID: 9182 9183 9184
• Keyword: CSCef05950 TCP port 2002
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1069.html
• Vendor URL: http://www.cisco.com/
• Vendor Specific Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

Unknown or Incomplete